China Warning to America, Prepare to Live off the Land

It is a major cyber attack discovered by Microsoft, and it was discovered while we were all watching that ‘silly spy balloon’, as Biden called it. The attacker is called Volt Typhoon, so be on notice, America. The Biden White House has said nothing….

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence.
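The chain described above (credential collection from the command line, then bundling the take into an archive to stage it for exfiltration) is easier to spot as a sequence than as single commands, because each step on its own looks like routine administration. The following is an added detection example, not code from the original post or from Microsoft: it runs a small correlation rule over constructed process-creation records. The keyword lists and the sample records are assumptions, illustrating generic living-off-the-land patterns rather than any actor's actual commands.

```python
"""Correlate command-line credential collection with archive staging.

Added example, not code from the original post or from Microsoft. Input is
a list of constructed process-creation records (host, user, timestamp,
command line) such as a SIEM would export; the keyword lists are an
assumption of generic living-off-the-land patterns, not a list of any
actor's actual commands.
"""
from datetime import datetime, timedelta
import re

# Commands that read local or domain credential stores (illustrative set).
CRED_ACCESS = [re.compile(p, re.IGNORECASE) for p in (
    r"\bntdsutil(\.exe)?\b",                                  # AD database copy
    r"\breg(\.exe)?\s+save\s+hklm\\(sam|security|system)\b",  # registry hives
    r"\bvssadmin(\.exe)?\s+create\s+shadow\b",                # volume shadow copy
)]

# Built-in or commonly present archivers used to bundle data before exfiltration.
ARCHIVE = [re.compile(p, re.IGNORECASE) for p in (
    r"\bmakecab(\.exe)?\b",
    r"\b7za?(\.exe)?\s+a\b",
    r"\brar(\.exe)?\s+a\b",
    r"\btar(\.exe)?\s+-?c",
    r"\bCompress-Archive\b",
)]


def classify(cmdline):
    """Return 'cred_access', 'archive' or None for one command line."""
    if any(p.search(cmdline) for p in CRED_ACCESS):
        return "cred_access"
    if any(p.search(cmdline) for p in ARCHIVE):
        return "archive"
    return None


def correlate(events, window=timedelta(hours=1)):
    """Raise one alert per (host, user) where an archive command follows a
    credential-access command within `window`. Either step alone is common
    admin activity; the sequence is what the text describes as staging."""
    alerts = []
    pending = {}  # (host, user) -> most recent credential-access event
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["user"])
        kind = classify(ev["cmd"])
        if kind == "cred_access":
            pending[key] = ev
        elif kind == "archive" and key in pending:
            first = pending[key]
            gap = ev["ts"] - first["ts"]
            if gap <= window:
                alerts.append({
                    "host": ev["host"], "user": ev["user"],
                    "minutes": int(gap.total_seconds() // 60),
                    "cred_cmd": first["cmd"], "archive_cmd": ev["cmd"],
                })
                del pending[key]
    return alerts


# Constructed sample records: one staging sequence, one slow sequence outside
# the default window, and one ordinary archive command with no prior access.
SAMPLE_EVENTS = [
    {"ts": datetime(2023, 5, 24, 2, 14), "host": "fs-01", "user": "svc_backup",
     "cmd": r"reg.exe save hklm\sam C:\Windows\Temp\s.hiv"},
    {"ts": datetime(2023, 5, 24, 2, 31), "host": "fs-01", "user": "svc_backup",
     "cmd": r"makecab.exe C:\Windows\Temp\s.hiv C:\Windows\Temp\s.cab"},
    {"ts": datetime(2023, 5, 24, 9, 5), "host": "ws-22", "user": "jdoe",
     "cmd": r"tar.exe -czf C:\Users\jdoe\reports.tgz C:\Users\jdoe\reports"},
    {"ts": datetime(2023, 5, 23, 22, 10), "host": "dc-02", "user": "admin2",
     "cmd": r"ntdsutil.exe ifm"},
    {"ts": datetime(2023, 5, 24, 4, 40), "host": "dc-02", "user": "admin2",
     "cmd": r"7z.exe a C:\t\out.7z C:\t"},
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"{a['host']} {a['user']}: credential access then archive "
              f"{a['minutes']} min later")
```

With the default one-hour window only the fs-01 sequence fires; widening the window also catches the slower dc-02 sequence, at the cost of more noise from legitimate backup jobs, which is the usual tuning trade-off for sequence rules built on native tooling.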

***

Dark Reading in part published the following:

China-sponsored threat actors have managed to establish persistent access within telecom networks and other critical infrastructure targets in the US, with the observed purpose of espionage — and, potentially, the ability down the line to disrupt communications in the event of military conflict in the South China Sea and broader Pacific.

The first signs of compromise emerged in telecom networks in Guam, according to a New York Times report ahead of the findings being released. The National Security Agency discovered those intrusions around the same time that the Chinese spy balloon was making headlines for entering US airspace, according to the report. It then enlisted Microsoft to further investigate, eventually uncovering a widespread web of compromises across multiple sectors, with a particular focus on air, communications, maritime, and land transportation targets.

A Shadow Goal? Laying Groundwork for Disruption

The discovery of the activity is playing out against the backdrop of the US’ frosty relations with Beijing; the two superpowers have stalled in their diplomacy since the shooting down of the balloon, and relations have worsened amidst fears that Russia’s invasion of Ukraine could spur China to do the same in Taiwan.

In the event of a military crisis, a destructive cyberattack on US critical infrastructure could disrupt communications and hamper the country’s ability to come to Taiwan’s aid, the Times report pointed out. Or, according to John Hultquist, chief analyst at Mandiant Intelligence – Google Cloud, a disruptive attack could be used as a proxy for kinetic action.

“These operations are aggressive and potentially dangerous, but they don’t necessarily indicate attacks are looming,” he said in an emailed statement. “A far more reliable indicator for [a] destructive and disruptive cyberattack is a deteriorating geopolitical situation. A destructive and disruptive cyberattack is not just a wartime scenario either. This capability may be used by states looking for alternatives to armed conflict.”

Andersen Air Force Base in Yigo, Guam

Dubbing such preparations “contingency intrusions,” he added that China is certainly not alone in conducting them — although notably, China-backed APTs are typically far more focused on cyber espionage than destruction.

“Over the last decade, Russia has targeted a variety of critical infrastructure sectors in operations that we do not believe were designed for immediate effect,” Hultquist noted. “Chinese cyber threat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks. As a result, their capability is quite opaque.”

An Observed Focus on Stealth & Spying

To achieve initial access, Volt Typhoon compromises Internet-facing Fortinet FortiGuard devices, a popular target for cyberattackers of all stripes (Microsoft is still examining how they’re being breached in this case). Once inside the box, the APT uses the device’s privileges to extract credentials from an Active Directory account and authenticate to other devices on the network. Read more here.

Officials Confirm Chinese Balloon Collected Intelligence from Several Sensitive Sites

The administration came out with several lies about the balloon and continued to claim it had limited value to the Chinese. The Chairman of the Joint Chiefs, along with other military officials, additionally provided China with off-ramps, stating that the balloon had a glitch and went astray, and further told the White House not to shoot it down because of the potential debris field. The Pentagon assessed that the balloon had not uncovered much important information. Even more terrifying is what China has planned with the intelligence gathered, and which other rogue/enemy nations have access to it.

A balloon flies in the sky over Billings, Montana, US, February 1, 2023 in this picture obtained from social media. (Chase Doak/via Reuters)

Now, April 3, 2023, NBC has officially reported some truths.

The Chinese spy balloon that flew across the U.S. was able to gather intelligence from several sensitive American military sites, despite the Biden administration’s efforts to block it from doing so, according to two current senior U.S. officials and one former senior administration official.

China was able to control the balloon so it could make multiple passes over some of the sites (at times flying figure eight formations) and transmit the information it collected back to Beijing in real time, the three officials said. The intelligence China collected was mostly from electronic signals, which can be picked up from weapons systems or include communications from base personnel, rather than images, the officials said.

The three officials said China could have gathered much more intelligence from sensitive sites if not for the administration’s efforts to move around potential targets and obscure the balloon’s ability to pick up their electronic signals by stopping them from broadcasting or emitting signals.

The National Security Council referred NBC News to the Defense Department for comment. The Defense Department directed NBC News to comments from February in which senior officials said the balloon had “limited additive value” for intelligence collection by the Chinese government “over and above what [China] is likely able to collect through things like satellites in low earth orbit.”

China has said repeatedly that the balloon was an unmanned civilian airship that accidentally strayed off course, and that the U.S. overreacted by shooting it down. Officials have not said which company, department or organization the balloon belonged to, despite several requests for comment by NBC News.

After the balloon was shot down in February, Biden administration officials said it was capable of collecting signals intelligence.

The balloon had a self-destruct mechanism that could have been activated remotely by China, but the officials said it’s not clear if that didn’t happen because the mechanism malfunctioned or because China decided not to trigger it.

The balloon first entered U.S. airspace over Alaska on Jan. 28, according to the Biden administration, which said it was tracking it as it moved. Within the next four days, the balloon was flying over Montana — specifically Malmstrom Air Force Base, where the U.S. stores some of its nuclear assets.

The real damage assessment at this point cannot be measured but clearly China spied successfully and will heads roll? Nah…

Biden Admin Using Taxpayer Dollars to Fund CCP Research at UVA

With decades of proof of intellectual theft and espionage by the Chinese inside the United States, the Biden administration is not protecting America at all; in fact, it is helping to fund Chinese Communist Party operations inside the United States.

During the Trump administration, espionage was so dangerous that two embassies were shuttered. Then there is the matter of TikTok….but now this? Is this a John Kerry climate agenda item, and is it going on at other U.S. universities or institutions?

The Free Beacon reports:

The Biden administration is using taxpayer cash to fund a University of Virginia climate change partnership with a Chinese Communist Party-controlled school that conducts research for China’s military.

President Joe Biden’s National Science Foundation last year awarded more than $130,000 to the University of Virginia to conduct climate change research with Beijing-based Tsinghua University, federal spending disclosures show. Tsinghua University, which counts Chinese president Xi Jinping among its alumni, will work with University of Virginia researchers to chart the global “transition to a low-carbon economy,” according to the grant description.

Tsinghua University is funded by China’s Ministry of Education and maintains a “CCP Committee” that keeps the school “in accordance with President Xi’s hopes.” It also holds “secret-level security credentials” for classified military research, trains students for China’s nuclear weapons program, and has allegedly carried out cyberattacks for the Chinese government, according to the Australian Strategic Policy Institute. It is also one of several Chinese universities under the supervision of the communist nation’s State Administration of Science, Technology, and Industry for National Defense, a CCP agency that works to deepen university involvement in the defense sector.

The National Science Foundation’s decision to fund the partnership with Tsinghua calls into question the foundation’s vetting process as it enjoys a record-high budget. The bipartisan CHIPS Act, which Biden said would help “counter China,” authorized $80 billion in funding for the National Science Foundation to invest in research and development. But in the case of its University of Virginia grant, the foundation found working with the Chinese on climate change “worthy of support.”

For American Foreign Policy Council fellow Michael Sobolik, the foundation’s decision to use “taxpayer money to facilitate research cooperation with a People’s Liberation Army-affiliated university” is “questionable at best.”

“We’ve seen time and again how the CCP leverages people-to-people ties to further its malign influence within the United States,” Sobolik told the Washington Free Beacon. “When you’re in the midst of a cold war, you can’t play both sides of the ledger. The sooner we accept that reality, the better.”

The National Science Foundation downplayed Tsinghua’s role in the project, with research security strategy and policy chief Rebecca Keiser saying the Chinese school’s involvement stems from “researcher-to-researcher collaboration.”

The foundation “has instituted a first-in-government analytics process to identify research security concerns and ensure transparency when assessing proposals and awards to ensure that any international collaboration provides mutual benefit,” Keiser said in a statement. “In any international research collaboration, [the National Science Foundation] only funds the U.S. side.”

The grant, which started in October and runs through 2026, funds University of Virginia research into “the transition to a low-carbon economy.” Tsinghua and a second Chinese partner, the China University of Petroleum-Beijing, will conduct similar research in China, the results of which “will be used to develop a U.S.-Chinese collaborative course on climate leadership skills.” That collaboration, the grant says, “will lead to better strategies for lowering emissions in the United States that are complementary to those in China.” China is by far the biggest polluter in the world—in 2019, it emitted more greenhouse gases than all developed nations combined.

This is not the first time the University of Virginia has partnered with Tsinghua. The two schools are exchange partners, and the University of Virginia’s engineering department in 2017 developed a “teaching collaboration” with Tsinghua that saw students from both schools pair up for homework assignments. That project, however, does not appear to have received federal money. Beyond the October grant, the National Science Foundation has only funded projects linked to Tsinghua on two other occasions—once under Biden last June and once under former president Barack Obama in April 2011. Both of those grants, which went to Boston University and Drexel University, respectively, funded academic workshops that included participants from Tsinghua.

A University of Virginia spokesman defended the university’s work with Tsinghua, arguing that because the project “does not involve critical technologies or military applications,” it does not compromise U.S. national security interests.

“An important part of researching global challenges like climate change is working with institutions around the world to compare the effects of a warming climate and the efficacy of different proposed solutions,” university spokesman Brian Coy said. “As part of those efforts, we take seriously our responsibility to operate within all U.S. laws and regulations regarding the protection of intellectual property and U.S. national security interests.”

“Our university collaborates closely and transparently with federal regulatory and law enforcement partners in order to ensure our collaborative research efforts contribute to human understanding of global challenges without compromising our interests as a nation,” Coy said.

The university’s partnership with Tsinghua could attract scrutiny from Republican Virginia governor Glenn Youngkin. “Since being elected, the governor has taken steps to protect Virginians from the malign influence of the Chinese Communist Party,” Youngkin spokesman Christian Martinez told the Free Beacon. “Through his TikTok ban on all state devices and networks, prohibiting foreign adversaries, including China, from acquiring the commonwealth’s agricultural land, requesting Fairfax County schools cut ties with CCP-linked entities, and preventing a Trojan horse deal for a CCP-linked battery manufacturer to produce electric vehicle batteries propped up by U.S. tax incentives, the governor has made it clear that there is no room in Virginia for the Chinese Communist Party.”

National Science Foundation director Sethuraman Panchanathan, who serves at the pleasure of the president, in 2014 was put on the foundation’s National Science Board by Obama. Then-president Donald Trump in June 2020 went on to elevate Panchanathan to foundation director. Biden has appointed 10 of the National Science Board’s 24 members.


While the National Science Foundation’s grant did not send federal money directly to Tsinghua, the Chinese university has received money from American actors in the past. The Bill and Melinda Gates Foundation—one of America’s largest liberal nonprofits—gave Tsinghua more than $1.5 million in 2021, the Free Beacon reported in January.


Meet Zhe Wu and His Low Orbit Balloon Program

It got almost zero attention that the US Commerce Department added a handful of companies to its so-called Entity List last week, restricting them from obtaining US technologies, a move Beijing blasted on Monday as “illegal unilateral sanctions”, almost as soon as the first balloon was shot out of the sky off the coast of South Carolina. Now, just exactly how did our officials know to do that so fast? And we have to wonder why Treasury has not done the same.

At least someone was paying attention and knew of Zhe Wu and his work…yet no other part of any Federal agency or any part of the military was on their game for the last several years?

Okay…sounds about right.

Beijing Nanjiang Aerospace Technology

Established in 2015, Beijing Nanjiang is controlled by a subsidiary of Shanghai-listed real estate company Deluxe Family Co Ltd, which also invests in materials and robotics projects.

The state-run Science and Technology Daily in 2015 hailed the firm’s development of a large silver helium airship as the country’s first “new near-space platform with capabilities for both military and surveillance use”.

State media said the company’s steerable, reusable and continuously powered airship was equipped with broadband communications and “high-definition observation” gear.

China Electronics Technology Group Corporation 48th Research Institute

Part of a state-owned IT giant, the research institute specialises in building power systems and solar energy components, as well as semiconductor equipment.

The institute has worked to develop flexible solar power cells suitable for both military and civilian aircraft, the China National Space Administration said in a document in 2017.

Parent company China Electronics Technology Group Corporation also funds Hikvision, a surveillance camera maker that has been implicated in intensified monitoring of the Uyghur minority in Xinjiang.

Eagles Men Aviation Science and Technology Group Co

Founded by military aircraft expert Wu Zhe, the group specialises in research and development of stealth aircraft technologies.

Eagles Men is “devoted to becoming a benchmark business for China’s (strategy of) military-civil fusion”, according to the company’s profile page on the official Chinese Society of Aeronautics and Astronautics website.

The company in 2013 filed a patent for making airship skins stronger.

Wu told state media in 2019 that his team had developed a stratospheric airship able to “fly around the globe”.

Dongguan Lingkong Remote Sensing Technology Co

Set up in 2019, the company counts among its investors a branch of the state-run Beihang University, as well as Eagles Men Aviation.

Public records show Dongguan Lingkong has received licences from local market supervisors to conduct research on remote sensing technology, which allows aircraft to detect conditions on the ground from a high altitude.

Guangzhou Tian-Hai-Xiang Aviation Technology Co

The company was originally established by the Chinese military to develop “vehicle-mounted unmanned reconnaissance aircraft”, according to its official website.

Specialising in surveillance drones, the company was reorganised in 2006 with its current name and under the control of military veteran Li Yuzhuang.

Tian-Hai-Xiang says it has received multiple defence science awards, with its website boasting that the company was “the first unit in the domestic drone industry to equip our military’s first digitalised troops”.

Shanxi Eagles Men Aviation Science and Technology Group Co

A wholly owned subsidiary of Eagles Men Aviation, the company was set up in 2012 with a focus on chemical products, according to Chinese business database Tianyancha.

As reported in part by The Wire:

On an October morning in 2007, Wu Zhe, an aircraft design expert at Beihang University, gave a lecture about the “military value of balloons.” He described why it was an area of key scientific research for China and explained different solutions for powering these unique aircraft. When he concluded, according to a university press release, his “erudite knowledge and brilliant speech” received multiple rounds of applause.

Nearly two decades later, Wu and his business partner, a tech investor and executive named Wang Dong, are at the center of a military-linked program that has sent balloons over the U.S. and other nations, setting off a diplomatic crisis in Washington. After days of intense media coverage, on February 4, the U.S. shot down one Chinese balloon off the coast of South Carolina, and has since shot down three more unidentified objects floating in American and Canadian airspace.

On Friday, the Commerce Department announced that they were leveling sanctions against six Chinese companies involved in the balloon program — which U.S. officials say aims to intercept communications and surveil the ground below, including sensitive military sites.

Records show that Wu and Wang are linked to four of the six sanctioned firms. The two men, according to data from WireScreen, have a complex network of companies involved in balloon and aerospace technologies, some of which are closely affiliated with the Chinese military but are not sanctioned by the U.S. government.

In a statement on Friday about the sanctions, Alan F. Estevez, the under secretary of commerce for industry and security, said that “today’s action makes clear that entities that seek to harm U.S. national security and sovereignty will be cut off from accessing U.S. technologies.” Neither of the two Chinese men, through their companies, responded to requests for comment.

Zhe Wu has published at least 23 scholarly papers on his work, and they are found here… quite chilling actually. For instance (note the date):

Hovering control for a stratospheric airship in unknown wind

A novel hovering control methodology for a stratospheric airship is presented by using path following approach in the presence of unknown wind by expressing the wind field in the state equation, which avoids the difficulty of guaranteeing system stability in strong wind for other stabilization methods.

In late 2022, it was noted:

Mystery airship spotted over Philippines near South China Sea

  • Images of an unidentified craft near Subic Bay have sparked speculation it could have been collecting military intelligence
  • There is no evidence the airship was from China, though its design appears similar to types on display at the Zhuhai air show

Images of the stratospheric airship – allegedly taken in Pangasinan province, about 100km (62 miles) from Subic Bay in the northern Philippine island of Luzon – were first posted on Facebook last weekend. The pictures were deleted, but not before they were also shared on Twitter.

There is no evidence that the airship was from China, although its design appears to be similar to several unmanned types developed by the state-owned Aviation Industry Corporation of China’s Special Aircraft Research Institute and other scientific academies.

Images of a stratospheric, long-endurance airship, said to have been taken near Subic Bay in the northern Philippines, were shared on social media. Photo: Facebook
Then we hear that the objects in the airspace of North America were cylindrical.
Could it be? Below is a report from Poland in reference to the same object.
Philippines. A stratospheric airship over the disputed South China Sea – Polish News
I have asked several people out there smarter than me about the connection between the objects and clustered ground hubs, or whether ground hubs were dropped by the balloon or objects…. I did not need an answer. It seems there are several who have the answers, and we are collaborating AGAIN with China?
An Observation Scheduling Approach Based on Task Clustering for High-Altitude Airship
by Jiawei Chen, Qizhang Luo and Guohua Wu.

Author affiliations:
1 School of Computational Science and Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USA
2 School of Traffic & Transportation Engineering, Central South University, Changsha 410075, China
3 Department of Electrical & Computer Engineering, National University of Singapore, Singapore 119260, Singapore

(Figure from the paper, as published in Sensors, not reproduced here.)

You be the judge….


Delete TikTok and then Get a New Phone, Period

Don’t use TikTok in any form. Don’t even open it when it has been sent to you. Spread the word and do it now. Why, you ask?
Well, if the Pentagon has issued an order to all military personnel, uniformed and civilian, not to download or use TikTok, that is a good reason to consider it. But there is also a movement among Republican governors who have issued executive orders with much the same language for all state employees and contractors…TikTok is forbidden. So far those states include Utah, South Dakota, Texas, Maryland and Nebraska. Even FBI Director Chris Wray has said he is extremely worried about the app.


There is a rather shallow attempt by TikTok, or rather its parent company ByteDance, to address security concerns. That effort is known as Project Texas. What is this Project Texas thing? It is a result of the letter sent to TikTok by several Senators dated last June. Read the letter here in case you need to understand more.

Source: Warnings don’t come as blunt as the one Sen. Tom Cotton (R-AR) dished Thursday to the users of the highly popular Chinese TikTok app.

“Let me just be clear,” said Cotton, a China critic. “If you have TikTok on your device, you should delete it from your device. And even better, you should go and buy a new device and not download TikTok,” he added.

Cotton is the latest official to warn of intelligence findings that the app is collecting vital information on users and possibly storing it for future use — even blackmail.

Addressing China and Chinese immigration scams at a conference hosted by the Center for Immigration Studies, Cotton warned younger audience members about the possible trap the app was setting them up for.

“The back-office risks of TikTok aren’t the videos you see and the kind of corrosive effects it has on the minds of America’s youth. It’s the data that it collects,” he said.

“And that data can be used against our kids as they grow up, and not just kids obviously. Grown-ups use it too. I think, increasingly, people in Washington are using it to try and reach voters, communicate. That means they are being exposed as well,” he said.

Cotton also said that the app “exposes all of your personal data, perhaps all of the data that you have on your device, to collection and exploitation. It’s not like if your 15-year-old daughter is watching videos of drum major routines that that’s going to put her at risk. But if it accesses every bit of other information on her phone, then that can put her at risk. And it puts her at risk for the rest of her life. This data doesn’t just disappear. It’s collected in troves” and can be used against her if she lands a sensitive job in the future.

The center hosted Cotton because he has recently pushed Homeland Security on the app and TikTok’s use of visas to bring in Chinese nationals who take U.S. jobs at reduced pay.

“TikTok captures vast amounts of private information on users, including American citizens, and has long been suspected of providing the CCP with potential access to that information. This threatens the safety and security of American citizens and also functions as an avenue for the Chinese government to track the locations of and develop blackmail on federal employees and contractors,” he said in a letter to Homeland Security.

He also has asked the DHS to explain how many visas it has granted TikTok’s U.S. outlet, ByteDance. He said in the letter to the DHS that “Beijing-based employees of ByteDance have targeted specific American users for surveillance, and that at least 300 TikTok and ByteDance employees are also current or former employees of Chinese state media.”